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WHAT IS CLAIMED IS: 

1 . A method for policing communications packets, comprising: 
classifying the data stream into at least one traffic flow; 
classifying at least one of the traffic flows into a plurality of first level 

subflows; 

measuring a rate of each of the first level subflows associated with the 
traffic flow when the traffic flow reaches a predetermined bandwidth threshold; and 

marking the packets associated with each of the first level subflows 
with one of a plurality of conformance indicators based on the measured rate of the 
respective first level subflow. 

2. The method of Claim 1 , further comprising: 

assigning a rate limit to each of the first level subflows; and 
comparing each first level subflow to its corresponding rate limit. 

3. The method of Claim 2, wherein marking the packets comprises 
marking the packets based on whether the measured rate of each first level subflow 
exceeds its respective rate limit. 

4. The method of Claim 1 , further comprising classifying at least one of 
the first level subflows into a plurality of second level subflows. 

5. The method of Claim 1 , further comprising classifying at least one of 
the first level subflows into further levels of subflows to an n th level of subflows. 

6. The method of Claim 5, further comprising: 

assigning a rate limit to each of the n th level subflows; and 
comparing each n th level subflow to its corresponding rate limit. 

7. The method of Claim 5, wherein marking the packets comprises 
marking the packets based on whether the measured rate of the respective n th level 
subflow exceeds its respective rate limit. 

Page 34 
ALG 1 305.1 0-US-01 
Patent Application 



35 

1 8. The method of Claim 5, further comprising: 

2 measuring a rate of each of the n th level subflows associated 

3 with its parent subf low; and 

4 marking the packets associated with each of the n th level subflows with 

5 one of a plurality of conformance indicators based on the measured rate of the 

6 respective n th level subflow. 

1 9. The method of Claim 1 , further comprising monitoring each of the 

2 traffic flows to determine whether each respective traffic flow has reached the 

3 predetermined bandwidth threshold. 

1 1 0. The method of Claim 9, wherein monitoring each of the traffic flows 

H 2 comprises monitoring for a triggering token level in a credit-token metering 

CO 3 methodology. 

CO 1 11. The method of Claim 1 , further comprising assigning a priority level to 

*4 2 each of the first level subflows, wherein at least two of the priority levels are different 

L 3 so that at least one of the first level subflows has priority over another of the first 

m 4 level subflows. 

D 1 12. The method of Claim 1 1 , wherein the priority levels are effected by 

r ~ 2 associating a rate limit with each of the subflows, and wherein marking the packets 

3 based on the measured rate comprises marking the packets based on whether the 

4 rate limit is exceeded for the corresponding subflow. 

1 1 3. The method of Claim 1 , further comprising adding a flow ID 

2 corresponding to the classified flow to a local header, and identifying a traffic flow to 

3 meter based on the flow ID. 

1 14. The method of Claim 1 , further comprising adding a subflow ID 

2 corresponding to the classified subflow to a local header, and identifying the first 

3 level subflow in which its rate is to be measured based on the subflow ID. 
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1 15. The method of Claim 1 , wherein classifying the data stream into at 

2 least one traffic flow comprises classifying the data stream based on protocol layer 

3 information. 

1 16. The method of Claim 15, wherein classifying the data stream based on 

2 protocol layer information comprises classifying the data stream based on layer-3 

3 information. 

1 1 7. The method of Claim 1 6, wherein classifying the data stream based on 

2 Iayer-3 information comprises classifying the data stream based on at least one of a 

3 source address and a destination address. 

Q 1 18. The method of Claim 1 , wherein classifying at least one of the traffic 

m 2 flows into a plurality of first level subflows comprises classifying the traffic flow 

+; 3 based on protocol layer information. 

il 1 19. The method of Claim 18, wherein classifying the traffic flow based on 

2 protocol layer information comprises classifying the traffic flow based on layer-4 
m 3 information. 

q 1 20. The method of Claim 19, wherein classifying the traffic flow based on 

H 2 layer-4 information comprises classifying the traffic flow based on at least a port 

3 number. 

1 21 . The method of Claim 1 , wherein classifying the data stream and 

2 classifying at least one of the traffic flows into a plurality of first level subflows 

3 comprises classifying the data stream and traffic flows based on any predetermined 

4 one or more fields in any embedded header of each packet. 

1 22. The method of Claim 1 , wherein measuring a rate of each of the first 

2 level subflows comprises metering each of the first level subflows using a credit- 

3 token methodology. 
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1 23. The method of Claim 1 , wherein measuring a rate of each of the first 

2 level subflows comprises metering each of the first level subflows using a color- 

3 based methodology. 

1 24. The method of Claim 1 , wherein measuring a rate of each of the first 

2 level subflows comprises metering each of the first level subflows using an F-GCRA 

3 methodology. 

1 25. The method of Claim 1 , further comprising discarding packets of a 

2 non-conforming subflow which are marked with a conformance indicator indicating 

3 that the corresponding packets of the non-conforming subflow should be discarded. 

Q 1 26. The method of Claim 25, further comprising forwarding packets of a 

Iq 2 conforming subflow which are marked with a conformance indicator indicating that 

3 the corresponding packets of the conforming subflow should not be discarded. 

Jl 1 27. The method of Claim 1 , further comprising assigning a rate limit to 

s 2 each of the first level subflows, and wherein marking the packets comprises marking 

5 3 the packets associated with a subflow as non-conforming where the rate of the 

l i 4 subflow exceeds its respective rate limit. 

¥ * 1 28. The method of Claim 1 , further comprising assigning a rate limit to 

2 each of the first level subflows, and wherein marking the packets comprises marking 

3 the packets associated with a subflow as conforming where the rate of the subflow 

4 exceeds its respective rate limit but remains within the predetermined bandwidth 

5 threshold of the traffic flow. 

1 29. The method of Claim 1 , further comprising assigning a rate limit to 

2 each of the first level subflows, and wherein marking the packets comprises: 

3 marking the packets associated with a subflow as conforming where 

4 the rate of the subflow exceeds its respective rate limit but remains within the 

5 predetermined bandwidth threshold of the traffic flow; and 
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6 marking the packets associated with the subflow as non-conforming 

7 where the rate of the subflow exceeds both its respective rate limit and the 

8 predetermined bandwidth threshold of the traffic flow. 

1 30. The method of Claim 1 , further comprising allocating substantially all of 

2 the available bandwidth of the traffic flow to one of the subflows where the traffic 

3 flow has reached the predetermined bandwidth threshold and the other subflows are 

4 not utilizing bandwidth. 

1 31 . The method of Claim 30, wherein marking the packets comprises: 

2 marking the packets associated with the one subflow as conforming 

3 where the rate of the subflow exceeds its respective rate limit but remains within the 
Q 4 predetermined bandwidth threshold of the traffic flow; and 

Co 5 marking the packets associated with the subflow as non-conforming 

% 6 where the rate of the subflow exceeds both its respective rate limit and the 

W 7 predetermined bandwidth threshold of the traffic flow. 

^ 1 32. The method of Claim 1 , further comprising assigning a rate limit to 

in 2 each of the first level subflows and allocating the available bandwidth of the traffic 

lS 3 flow to a plurality of the subflows if the traffic flow has reached the predetermined 

O 4 bandwidth threshold, wherein the available bandwidth of the traffic flow is allocated 

5 to the plurality of subflows based on their respective rate limits and demand for 

6 bandwidth. 



1 33. A method for providing layered policing of packets of a data stream, 

2 comprising: 

3 parsing the data stream into a plurality of flows; 

4 for any of the flows, identifying at least one characteristic common to a 

5 first subset of the flow; 

6 associating a first drop probability with each of the packets of the first 

7 subset having the common characteristic, and associating a second drop probability 
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8 to at least one other subset of the flow, thereby providing different drop probabilities 

9 for different subsets of the flow. 

1 34. The method of Claim 33, wherein the first drop probability indicates 

2 that the packets of the first subset are to be dropped. 

1 35. The method of Claim 34, wherein the second drop probability indicates 

2 that the packets of the at least one other subset are not to be dropped. 

1 36. The method of Claim 33, wherein the first drop probability indicates 

2 that the packets of the first subset have a greater likelihood of being dropped prior to 

3 the at least one other subset of the flow. 

J;3 1 37. The method of Claim 33, wherein parsing the data stream comprises 

=p 2 respectively grouping the packets having predetermined common characteristics 

2 3 into the flows. 

IT 1 38. The method of Claim 37, wherein grouping the packets having 

3 2 predetermined common characteristics comprises grouping those packets having 
O 3 predetermined information in one or more header fields embedded in the packet. 

f.* 1 39. The method of Claim 38, wherein the one or more header fields 

2 comprise header fields of a network layer header. 

1 40. The method of Claim 39, wherein the header fields of the network 

2 layer header comprises at least one of a source address and a destination address. 

1 41 . The method of Claim 33, wherein identifying at least one characteristic 

2 common to the first subset of the flow comprises identifying common information in 

3 one or more header fields embedded in the packets to distinguish the first subset 

4 from the other subsets of the flow. 
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1 42. The method of Claim 41 , wherein the one or more header fields 

2 comprise header fields of a transport layer header. 

1 43. The method of Claim 42, wherein the header fields of the transport 

2 layer header comprises a port number. 

1 44. The method of Claim 33: 

2 further comprising identifying at least one characteristic common to a 

3 second subset of the flow; and 

4 wherein associating a second drop probability to at least one other 

5 subset of the flow comprises associating the second drop probability with each of 

6 the packets of the second subset of the flow. 

JK 1 45. The method of Claim 44, wherein the first and second drop 

■F 2 probabilities are equivalent. 

T 3-iSJ. S 

JT 1 46. The method of Claim 44, wherein the first and second drop 

s 2 probabilities are different. 

= 

O 1 47. The method of Claim 44: 

q 2 further comprising identifying at least one characteristic common to an 

^ 3 n th subset of the flow; and 

4 wherein associating a second drop probability to at least one other 

5 subset of the flow comprises associating the second drop probability with each of 

6 the packets of the n th subset of the flow. 

1 48. The method of Claim 33, wherein one of the subsets of the flow 

2 comprises all packets otherwise not associated with a subset defined by having 

3 common characteristics. 

1 49. A packet policing system for providing layered policing of packets of a 

2 data stream, comprising: 
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3 A) a classifier to receive and parse the data stream into a plurality of 

4 traffic flows, and to parse at least one of the traffic flows into a plurality of subflows; 

5 and 

6 B) a policing engine coupled to the classifier to receive each of the 

7 subflows, and to individually meter each of the subflows associated with each traffic 

8 flow in accordance with predefined subflow priorities assigned to each of the 

9 subflows. 

1 50. The packet policing system as in Claim 49, wherein the policing engine 

2 includes a memory to store the predefined subflow priorities assigned to each of the 

3 subflows. 

^ 1 51 . The packet policing system as in Claim 50, wherein the predefined 

tt! 2 subflow priorities include predefined rate limits. 

tt 1 52. The packet policing system as in Claim 51 , wherein the policing engine 

q 2 includes a processor coupled to receive the rate limits for each of the subflows, to 

L, 3 compare a subflow packet rate for each of the subflows to its respective rate limit, 

If! 4 and to provide a conformance rating in response thereto. 

P 1 53. The packet policing system as in Claim 52, further comprising an 

2 editing module coupled to the policing engine to modify each of the packets of each 

3 subflow with the conformance rating provided by the processor. 

1 54. The packet policing system as in Claim 53, further comprising a packet 

2 drop module coupled to receive the modified packets from the editing module, and 

3 to accept or discard each of the modified packets based on the conformance rating. 

1 55. The packet policing system as in Claim 49, further comprising a packet 

2 drop module coupled to receive the modified packets from the policing engine in 

3 response to the individual metering of the subflows. 
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1 56. A packet policing system for providing layered policing of packets of a 

2 data stream, comprising: 

3 means for classifying the data stream into at least one traffic flow; 

4 means for classifying at least one of the traffic flows into a plurality of 

5 first level subflows; 

6 means for measuring the packet rate of each of the first level subflows 

7 associated with the traffic flow when the traffic flow reaches a predetermined 

8 bandwidth threshold; and 

9 means for marking the packets associated with each of the first level 

1 0 subflows with one of a plurality of conformance indicators based on the measured 

1 1 packet rate of the respective first level subflow. 

l d 1 57. A packet policing apparatus for providing layered policing of packets of 

CO 2 a data stream, comprising: 

3 means for parsing the data stream into a plurality of flows; 

} y 4 for any of the flows, means for identifying at least one characteristic 

C3 5 common to a first subset of the flow; 

n 6 means for associating a first drop probability with each of the packets 

J£f 7 of the first subset having the common characteristic, and means for associating a 

j; 8 second drop probability to at least one other subset of the flow, thereby providing 

;t 9 different drop probabilities for different subsets of the flow. 

1 58. A computer-readable medium having computer-executable instructions 

2 for policing communications packets, the computer-executable instructions 

3 performing steps comprising: 

4 classifying the data stream into at least one traffic flow; 

5 classifying at least one of the traffic flows into a plurality of first level 

6 subflows; 

7 measuring a rate of each of the first level subflows associated with the 

8 traffic flow when the traffic flow reaches a predetermined bandwidth threshold; and 
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marking the packets associated with each of the first level subflows 
with one of a plurality of conformance indicators based on the measured rate of the 
respective first level subflow. 

59. A method for providing layered policing of packets of a data stream, 
comprising: 

parsing the data stream into one or more flows; 

parsing at least one of the flows into a high-priority subflow and at 
least one standard subflow; 

enabling the high-priority and standard subflows to be monitored for 
bandwidth conformance when the flow reaches a predetermined bandwidth 
threshold; 

marking the high-priority subflow as conforming while allowing the 
standard subflows to be marked as non-conforming if the flow becomes non- 
conforming; 

where the flow has become non-conforming, adjusting the bandwidth 
of the standard subflows to bring the flow into conformance. 

60. A method for maximizing exploitation of a contracted bandwidth for a 
flow, comprising: 

parsing the flow into a high-priority subflow and at least one standard 

subflow; 

assigning rate limits to the high-priority subflow and the at least one 
standard subflow; 

monitoring packet conformance on a subflow level when the flow 
decreases to a predetermined bandwidth capacity; 

providing guaranteed bandwidth to the high-priority subflow while 
providing best effort bandwidth to the at least one standard subflow, regardless of 
whether the flow has exceeded its contracted bandwidth; 
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if the flow has exceeded its contracted bandwidth, adjusting the 
bandwidth of the at least one standard subflow to bring the flow into conformance, 
while maintaining the guaranteed bandwidth to the high-priority subflow. 
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